Skip to content

Data protection

All organisations must comply with the applicable data protection legislation when processing personal data, regardless if you are a public authority, a small company or an association.

This applies accordning to the GDPR

You must comply with the GDPR when processing personal data.

Lawful grounds for personal data processing

In order to process personal data, you must have a lawful ground.

The GDPR fundamental principles

All processing of personal data must comply with the basic principles of the GDPR.

Information security

Processed personal data must be protected.

Notification of a personal data breach

Data controllers are obligated to report certain personal data breaches to IMY.

Transfer of personal data to a third country

When personal data is sent outside the EU/EEA, the rules for transfer to third countries apply.

Data protection officers

In certain cases, you must have a data protection officer.

Data controllers and data processors

You are either a data controller or a data processor.

Impact assessments and prior consultation

Impact assessment aims to prevent risks and protect personal data.

 

Learn more about data protection

 

GDPR guide for small and medium-sized businesses

The European Data Protection Board (EDPB) has produced a GDPR guide for small and medium-sized enterprises. The guide is designed to facilitate compliance with the GDPR and includes videos, interactive flowcharts and other practical materials.

EDPB:s GDPR-guide in English

GDPR guide for small and medium-sized businesses

The European Data Protection Board (EDPB) has produced a GDPR guide for small and medium-sized enterprises. The guide is designed to facilitate compliance with the GDPR and includes videos, interactive flowcharts and other practical materials.

EDPB:s GDPR-guide in English

 

News from IMY 

 

About the information on this page

If the information in English is different from the Swedish version of this page, the Swedish version applies.

 

Latest update: 5 June 2025
Page labels Data protection